Security Compliance Engineer

Position Description

Valiant Solutions is seeking a Security Compliance Engineer  to join our rapidly growing and innovative cybersecurity team!

Valiant Solutions is looking for a self-motivated Security Compliance Engineer to join our Security Engineering division.  The selected candidate will play a key role providing guidance to our client for multiple FISMA systems. This role involves the use of a mixture of technical and compliance skills, supporting system security from design inception through to system decommission. You’ll have the opportunity to provide security guidance on system architectures, review and improve documentation, and identify risk and develop remediation plans. Your role will directly support business efficiency by working to make security as seamless as possible.

The selected candidate must have current knowledge and skills in the most current cloud security technologies including but not limited to AWS, GCP, and Azure.  Have expert knowledge of security best practices and engineering principles such as virtualization security, web application security, network architecture, container technology, CICD pipeline, logging tools, hardening best practices, encryption, FIPS validation, vulnerability management,configuration management, and multi-factor authentication.

The selected candidate must stay abreast of threats, vulnerabilities, and emerging issues that stand to impact Federal information systems.  In addition, the candidate must understand the governing laws, regulations, methodologies and/or policies to provide authoritative technical guidance on all issues related to the assigned program.

Valiant Solutions is a company that cares about its employees- we've been named one of the Best Places to Work in the Washington DC area TEN years in a row !  If you are interested in learning more about Valiant and this opportunity, we invite you to apply now! 

This position allows for 100% remote work. Remote work necessitates a high-level trust in our employees and we strictly adhere to the details found below in our Remote Work Policy. 

Required Experience

• 5+ years of experience in the IT security field
• Bachelor's degree in Computer Science, Information Systems, Mathematics, Engineering, or related degree or an additional three (3) years of relevant experience.
• 4+ years experience supporting A&A (NIST 800-53) and compliance activities
• 4+  years of hands-on technical experience as a System Architect or Security Engineer
• Direct experience with NIST 171 is preferred
• Experience in reviewing 3rd party security assessment reports
• Experiene in cloud security technologies including but not limited to AWS, GCP, and Azure
• Have detailed knowledge and experience with  NIST Policies, Governance, Security Planning and Architecture, FISMA Compliance, RMF, Incident Analysis, and General Security Best Practices. 
• Possess strong written and oral communication skills to support customers, internal stakeholders, peers, and public audiences.
• Ability to communicate, both written and orally, to both technical and non-technical stakeholders.                          
• Technical expertise with Nessus Tenable Security and NetSparker reports.
• Strong communications skills to interact with senior managers, junior staff, and business unit (non-technical) customers. 
• Certifications: Security+, CISSP, CISM, CISA, or equivalent Security certifications are strongly preferred

Responsibilities:

• Provide security guidance for systems during the design and development of systems so the system achieves an ATO
• Develop and improve security compliance and privacy documentation in support of system ATOs and their maintenance during on-going authorization
• Collaborate with multiple security and infrastructure teams on the integration of security tooling and mechanisms
• Perform detailed architecture and technical design reviews on the full stack for vendor solutions (example of some areas requiring detailed analysis):
• Assess and document encryption standards for encryption at rest and in transit (what cipher sets are used? What type of encryption? etc)
• Assess and document authentication mechanisms for all points in the system (Is MFA implemented at all authentication points? Is the MFA solution approved and compliant with NIST and agency standards?)
• Assess and document session management and control for all layers of the system
• Schedule and lead screen sharing sessions with the vendors to gain full understanding of the technology stack, document all security relevant information required for the architecture review, and create a full report for presentation to the CISO
• Serves as the IT security POC (ISSO) for assigned systems to ensure agency information systems comply with FISMA OMB and agency Policies.
• Oversee and manage relationships for assigned systems that may be contractor owned and contractor operated, ensuring vendors comply with agency security and privacy requirements.
• Assist stakeholders with IT security related activities to ensure project deadlines are met. 
• Ensure security activities are implemented throughout the SDLC from beginning to end.
• Ensure all systems are operated, maintained and disposed of IAW documented security policies and procedures including but not limited to Assessment & Authorization (A&A). 
• Support the development and maintenance of all security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Test Report, POA&M, annual FISMA assessment, and incident reports.
• Research assigned IT security systems to provide insight on IT security architectures and IT security recommendations for assigned systems.
• Report, and respond to security incidents.
• Assess vulnerabilities to ascertain if additional safeguards are needed and ensure systems are patched and security hardened at all levels of the “stack,” and monitor to see that vulnerabilities are re-mediated as appropriate.
• Promote Information Security Awareness and provide training.

About Valiant Solutions

Valiant Solutions is a security-focused IT solutions provider with public clients nationwide. We are a HUBZone small business and we encourage all candidates who live in a HUBZone to apply. Named one of the fastest growing privately held companies by Inc. 5000, Washington Technology’s Fast 50, and Washington Business Journal’s Best Places to Work in the D.C. area, Valiant Solutions prides itself on providing its employees with great benefits and career development opportunities. As a company, we are just as committed to growing careers as we are to building world-class IT solutions, all while enjoying an unparalleled work-life balance. We are in a phase of tremendous growth and building the team that will take us to the next level. We seek people whose talents and accomplishments will contribute to a thriving company, who have the character to support their capacity, and can make a positive impact on our culture. Alongside our talented team, you’ll learn to think quickly on your feet and expand your own personal and professional skill set. Our management team will inspire you to consider new perspectives and challenge you to become a better practitioner in the fast-paced industry of IT security. We hire people we respect – and we trust them to deliver results leveraging their expertise. If you would enjoy working in a dynamic environment as part of a stellar team of professionals, then we invite you to apply online today.

Benefits Snapshot (includes, but not limited to)

Valiant pays 99% of the Medical, Dental, and Vision Coverage for Full-time Employees

Valiant contributes 25% towards Health Coverage for Family and Dependents

100% Paid Short Term Disability and Life Insurance Policy for Full-time Employees

100% Paid Certifications

401K Matching up to 4%

Paid Time Off

Paid Federal Holidays 

Paid Time On – 40 hours to pursue innovation

Wellness & Fitness Program

Valiant University – Online Education and Training Portal

Reimbursement for Public Transit and Parking

FSA programs for: Medical Costs, Dependent Care, Transit, and Parking

Referral Bonuses

Remote Work Policy  

Remote work necessitates a high level of trust in our employees. To ensure that employee performance does not suffer in a remote work environment, all employees who telecommute are expected to have a quiet and distraction-free workspace with adequate internet, dedicate their full attention and availability to their job duties during working hours, and maintain a schedule during core business hours that align with those of their coworkers and Valiant's clients. In alignment with Valiant's inclusive and engaging environment, cameras are encouraged and can be required to be on during virtual video conferences. Additionally, in alignment with the Office of the Inspector General’s effort to eliminate conflicting employment, all Valiant employees are required to disclose any current or future outside employment engagements. During onboarding and throughout employment, employees must disclose any current activities or intent to engage in outside employment or other professional activities and obtain written approval.  Employees may not solicit or conduct any outside business during core business hours for Valiant Solutions and our clients.

Equal Employment Opportunity

Valiant Solutions is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, ethnicity, color, national origin, sex (including pregnancy, sex stereotyping, gender identity, gender expression or transgender status), religion, age, marital status, sexual orientation, military/veteran status, physical or mental disability, genetic information/history or any other personal characteristic protected by law.

Physical Demands

Sitting or standing at a desk for prolonged periods of time and consistent operation of a computer. Frequent communication and exchanging of accurate information via electronic communication, phones, and in person. Occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of the job.

Authorization to Share Resume and Personal Information

By submitting your resume for this position, you authorize Valiant Solutions to share your resume, as well as, personal information included on the resume, with its subsidiaries, affiliates and teaming partners for the purpose of considering you for this position and other available positions requiring comparable skills, education and experience. Should Valiant Solutions or its affiliates and teaming partners wish to initiate pre-employment discussions, you will be asked to complete an employment application and related employment documents.